WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH v2] add SMEP support to HVM guest

from [Tim Deegan] [Permanent Link][Original]
To: "Li, Xin" <xin.li@xxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH v2] add SMEP support to HVM guest
From: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Date: Mon, 6 Jun 2011 13:49:20 +0100
Cc: Jan, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Beulich <JBeulich@xxxxxxxxxx>
Delivery-date: Mon, 06 Jun 2011 05:50:17 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <FC2FB65B4D919844ADE4BE3C2BB739AD5AB9EEC0@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <FC2FB65B4D919844ADE4BE3C2BB739AD5AB9EE1D@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20110606083750.GU5098@xxxxxxxxxxxxxxxxxxxxxxx> <FC2FB65B4D919844ADE4BE3C2BB739AD5AB9EEC0@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.21 (2010-09-15) 
At 18:51 +0800 on 06 Jun (1307386302), Li, Xin wrote:
> > > -    if ( hvm_nx_enabled(current) )
> > > +    if ( hvm_nx_enabled(current) ||
> > > +         (!(pfec & PFEC_user_mode) && hvm_smep_enabled(current)) )
> > 
> > Shouldn't that be
> > "if ( hvm_nx_enabled(current) || hvm_smep_enabled(current) )"?
> 
> A smep fault happens when
> 1) current privilege level < 3

But this code is setting the PFEC_insn_fetch bit, not triggering a page
fault.   And the new PRM says (4.7): 

   I/D flag (bit 4).

   This flag is 1 if (1) the access causing the page-fault exception was
   an instruction fetch; and (2) either (a) CR4.SMEP = 1; or (b) both
   (i) CR4.PAE = 1 (either PAE paging or IA-32e paging is in use); and
   (ii) IA32_EFER.NXE = 1. Otherwise, the flag is 0. This flag describes
   the access causing the page-fault exception, not the access rights
   specified by paging.

> > There's no need to add SMEP-specific code at every level.  The existing
> > code already checks for flags that must be clear, so just arrange for
> > _PAGE_USER to be in both mflags and iflags whenever SMEP is enabled and
> > PFEC_user is clear.
> 
> 2) user flags in all page table level entries are set instead of clear.

Oh I see - yes, this introduces a whole new kind of logic in pagetable
walks.  I've attached a version of your patch that I think will do the
right thing, and that's tidied up in a few other places.  Can you check
to see that it does what you need?

Cheers,

Tim.

-- 
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

Attachment: smep
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [PATCH] libxl: Support linux-stubdom in libxl, ZhouPeng
Next by Date:  RE: [Xen-devel] slow xp hibernation revisited, Stefano Stabellini
Previous by Thread:  RE: [Xen-devel] [PATCH v2] add SMEP support to HVM guest, Li, Xin
Next by Thread:  RE: [Xen-devel] [PATCH v2] add SMEP support to HVM guest, Li, Xin
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy